Clan x86

Technical (Development, Security, etc.) => General Programming => Topic started by: Newby on January 01, 2005, 10:51:10 pm

Title: NGSec [Hacking]
Post by: Newby on January 01, 2005, 10:51:10 pm: I'm stuck on level 10. I think the binary is encrypted. :/

http://quiz.ngsec.biz/game1
Title: Re: NGSec [Hacking]
Post by: deadly7 on February 28, 2005, 06:09:53 pm: I've been playing this game for the last HALF HOUR. I can't even get past level 2. i've tried this:

<Start -Run>
TELNET quiz.ngsec.com 80
(boom it opens up that)
GET /game1/level2/l33t.php HTTP/1.0

And I've even tried
GET /l33t.php HTTP/1.0

I'm a bad haxxor. :(
Title: Re: NGSec [Hacking]
Post by: Networks on March 01, 2005, 12:05:37 pm: Quote from: deadly7 on February 28, 2005, 06:09:53 pm
I've been playing this game for the last HALF HOUR. I can't even get past level 2. i've tried this:

<Start -Run>
TELNET quiz.ngsec.com 80
(boom it opens up that)
GET /game1/level2/l33t.php HTTP/1.0

And I've even tried
GET /l33t.php HTTP/1.0

I'm a bad haxxor. :(

Don't you have to type the full URL like:

GET quiz.ngsec.com/game1/level2/l33t.php HTTP/1.0

or which ever file, I know I do that in trying to get my news text file for vanquish using the winsock control.
Title: Re: NGSec [Hacking]
Post by: rabbit on March 01, 2005, 06:38:29 pm: You don't use get at all for level 2, and your request is invalid anyways:
Quote
cls
telnet quiz.ngsec.com 80
POST /game1/level2/validate_l33t.php HTTP/1.0
Host: quiz.ngsec.com
Referer: http://i.own.your.mom/
From: iown@your.mom
User-Agent: HTTPTool/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 11

password=:)

The password and referer are WRONG, because I don't want to GIVE you the answers, but you get the point :)

[edit]
Got to level 5 in 25 minutes. I'm stopping now to go do other things.
Title: Re: NGSec [Hacking]
Post by: Mythix on March 01, 2005, 10:37:25 pm: I think level 5 is where I stopped at last time and gave up on it.
Title: Re: NGSec [Hacking]
Post by: deadly7 on March 01, 2005, 11:12:06 pm: Quote from: R.a.B.B.i.T on March 01, 2005, 06:38:29 pm
You don't use get at all for level 2, and your request is invalid anyways:
Quote
cls
telnet quiz.ngsec.com 80
POST /game1/level2/validate_l33t.php HTTP/1.0
Host: quiz.ngsec.com
Referer: http://i.own.your.mom/
From: iown@your.mom
User-Agent: HTTPTool/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 11

password=:)

The password and referer are WRONG, because I don't want to GIVE you the answers, but you get the point :)

[edit]
Got to level 5 in 25 minutes. I'm stopping now to go do other things.

WTF ARE THOSE LINKS FOR THEN?! :(
Title: Re: NGSec [Hacking]
Post by: rabbit on March 02, 2005, 06:10:01 pm: Examples.
Title: Re: NGSec [Hacking]
Post by: deadly7 on March 02, 2005, 07:49:06 pm: Not those..
Go back to the page, and then click the links it gives..
If you don't use the GET command, wtf DO you use?
Title: Re: NGSec [Hacking]
Post by: iago on March 03, 2005, 01:33:15 pm: Besides GET, there is also POST, HEAD, and I think WRITE.
Title: Re: NGSec [Hacking]
Post by: rabbit on March 03, 2005, 06:28:02 pm: The link given is an introduction to the use of HTTP, you're supposed to go further and figure out how you can do what you need to to progress.
Title: Re: NGSec [Hacking]
Post by: vursed on March 31, 2005, 06:03:57 am: http://quiz.ngsec.biz:8080/game1/level1/index.php
http://quiz.ngsec.biz:8080/game1/level2/l33t.php
http://quiz.ngsec.biz:8080/game1/level3/NGrules.php
http://quiz.ngsec.biz:8080/game1/level4/tryforfun.php
http://quiz.ngsec.biz:8080/game1/level5/achtung.php
http://quiz.ngsec.biz:8080/game1/level6/replicant.php
http://quiz.ngsec.biz:8080/game1/level7/net-dreamer.php

as far as i got.

edit.. found a guide .. heh

http://nocon.darkflame.net/notes/Game1-solutions.txt